Certified Information Systems Auditor (CISA) — Question 371

Which of the following responsibilities of an organization's quality assurance (QA) function should raise concern for an IS auditor?

Answer options

• A. Ensuring the test work supports observations
• B. Implementing solutions to correct defects
• C. Updating development methodology
• D. Ensuring standards are adhered to within the development process

Correct answer: B

Explanation

The correct answer is B because implementing solutions to correct defects could lead to conflicts of interest, as QA should remain independent from development. Options A, C, and D focus on maintaining quality and standards, which are essential responsibilities that should not raise concerns for an IS auditor.